Year: 2010

There have been a few recent incidents of what we previously thought was extremely rare — malware authors using code signing certificates that were issued to companies with good reputations. The high-profile Stuxnet incident included validly signed malware with misappropriated Authenticode certificates from two Taiwanese companies. More recently, it appears a U.S. credit union lost…

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months… Yes, that’s it? Or not? “Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of…

Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such as Windows XP or Internet Explorer 6, which remain widely used even though…

[PCMag] In the last several years, for the most part, Microsoft “got” the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows “ecosystem”) to be secure, so they have been increasingly less…

Microsoft has made available for download the second Beta development milestone of an anti-DoS extension for version 7.0 of Internet Information Services [IIS]. The Microsoft Dynamic IP Restrictions for IIS 7.0 has reached Beta2 and is up for grabs via the Microsoft Download Center in two flavors, 32-bit (x86) and 64-bit (x64). http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a0920a32-b63d-4e13-8e42-7ad7ad9b3168 The Dynamic…

[PCWorld] You already know the basics of internet security, right? But when you’ve got the basics covered, but you still don’t feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today’s most common attacks. http://www.pcworld.com/article/201309/security_secrets_the_bad_guys_dont_want_you_to_know.html?&tk=hp_fv Urs

[The Washington Post] A group of nations — including the United States, China and Russia — have for the first time signaled a willingness to engage in reducing the threat of attacks on each other’s computer networks. http://www.washingtonpost.com/wp-dyn/content/article/2010/07/16/AR2010071605882.html Urs

For the past week or so, MSRC has been closely tracking a new family of threats called Stuxnet (a name derived from some of the filename/strings in the malware — mrxcls.sys, mrxnet.sys). In the past few days, it has become a popular topic of discussion amongst security researchers and in the media. First and foremost, MSRC…

An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows—new drivers for your…